<?php
/* ----------------------------------------------------------
--               JacoCMS by Jaco Ruit                      --
-------------------------------------------------------------
--     JacoCMS is Open Source and is lincenced under       --
--             GNU General Public Licence v3               --
--          http://www.gnu.org/copyleft/gpl.html           --
-------------------------------------------------------------
--       Please don't remove any text from the footers.    --
-------------------------------------------------------------
-- Credits:   * Jaco Ruit          ~     Scripts,MySQL     --     
-----------------------------------------------------------*/

# JacoCMS User Class

class User
{
	public function validateCookie ($uname, $encpw)
	{
		$query = "SELECT id FROM users WHERE username='" . $uname . "' AND password='" . $encpw . "'";
		$result = mysql_query($query);
		if (mysql_num_rows($result) == 1)
		{
			mysql_free_result($result);
			return true;
		}
		else
		{
			mysql_free_result($result);
			return false;
		}
	}
	public function validate($uname, $pword)
	{
		#DON'T EDIT THIS PART! IT WILL MESS UP YOUR USERS' PASSWORDS!
		$salt =  '234204xjla029ax020asoO233';
		$salt2 = 'sDF234kasnl';
		$encpw = sha1($salt . $pword . $salt2);
		$query = "SELECT id FROM users WHERE username='" . $uname . "' AND password='" . $encpw . "'";
		$result = mysql_query($query);
		if (mysql_num_rows($result) == 1)
		{
			mysql_free_result($result);
			return true;
		}
		else
		{
			mysql_free_result($result);
			return false;
		}
	}
	
	public function isAdmin($uname)
	{
		$query = "SELECT rank FROM users WHERE username='" . $uname . "'";
		$result = mysql_query($query);
		while ($row = mysql_fetch_assoc($result)) 
		{
			$rank = $row['rank'];
		}
		mysql_free_result($result);
		if ($rank == 2)
		{
			return true;
		}
		else
		{
			return false;
		}
	}
	
	public function checkIfUnameExists($uname)
	{
		$query = "SELECT id FROM users WHERE username='" . $uname . "'";
		$result = mysql_query($query);
		if (mysql_num_rows($result) == 1)
		{
			mysql_free_result($result);
			return true;
		}
		else
		{
			mysql_free_result($result);
			return false;
		}
	}
	
	public function register($uname, $pword, $email, $rank)
	{ 
		$newid = $this->getLastID() + 1;
		$salt =  '234204xjla029ax020asoO233';
		$salt2 = 'sDF234kasnl';
		$encpw = sha1($salt . $pword . $salt2);
		$query = "INSERT INTO users (id,username,password,email,rank) VALUES ('" . $newid . "','" . $uname . "','" . $encpw . "','" . $email . "','" . $rank . "')";
		$result = mysql_query($query);
	}
	
	public function getLastID()
	{
		$q = "SELECT id FROM users ORDER BY id DESC";
		$r = mysql_query($q);
		$lastid = mysql_fetch_array($r);
		mysql_free_result($r);
		return $lastid['id'];
	}
	
	public function getNameByID($searchid)
	{
		$query = "SELECT username FROM users WHERE id='" . $searchid . "'";
		$result = mysql_query($query);
		while ($row = mysql_fetch_assoc($result)) 
		{
			$username = $row['username'];
		}
		mysql_free_result($result);
		return $username;
	}
	
	public function getTable($array)
	{
		$code = null;
		if ($array['rank'] == 1)
		{
			$code = '<tr><td>' . $array['id'] . '</td><td>' . $array['username'] . '</td><td>' . $array['email'] . '</td><td>User</td><td><a href="deleteu-' . $array['id'] . '">Delete</a></td></tr>';
		}
		else if ($array['rank'] == 2)
		{
			$code = '<tr><td>' . $array['id'] . '</td><td>' . $array['username'] . '</td><td>' . $array['email'] . '</td><td>Admin</td><td><a href="deleteu-' . $array['id'] . '">Delete</a></td></tr>';
		}
		return $code;
	}
	
	public function getWholeTable()
	{
		$htmlcode = "<table><tr><th>ID</th><th>Username</th><th>Email</th><th>Rank</th></tr>";
		$query = "SELECT email, rank, id, username FROM users ORDER BY id DESC";
		$result = mysql_query($query);
		while ($row = mysql_fetch_assoc($result)) 
		{
			$id = $row['id'];
			$rank = $row['rank'];
			$email = $row['email'];
			$username = $row['username'];
			$arr = array("id" => $id, "email" => $email, "rank" => $rank, "username" => $username);
			$htmlcode .= $this->getTable($arr);
		}
		$htmlcode .= '</table>';
		mysql_free_result($result);
		return $htmlcode;
	}
	
	public function delete($idtodel)
	{
		$query = "DELETE FROM users WHERE id='" . $idtodel . "'";
		$result = mysql_query($query);
	}
	
	public function checkIfIDExists($idtosearch)
	{
		$query = "SELECT username FROM users WHERE id='" . $idtosearch . "'";
		$result = mysql_query($query);
		if (mysql_num_rows($result) == 1)
		{
			mysql_free_result($result);
			return true;
		}
		else
		{
			mysql_free_result($result);
			return false;
		}
	}
}